Solutions Architect ADEntra Architect

Job Description and Responsibilities

TI is seeking a senior AD and Entra architect to lead the design and evolution of our enterprise identity infrastructure supporting both IT and OT environments. This role will architect and optimize Active Directory and Microsoft Entra ID (Azure AD) solutions that serve as the backbone for identity management across our global organization supporting 50000 users and complex hybrid cloud deployments. You will design scalable identity solutions while ensuring seamless integration between on-premises legacy systems modern cloud applications and increasingly critical operational technology environments.

Key responsibilities will be as follows:

• Design and implement enterprise-scale Active Directory forest architectures including multi-domain topologies trust relationships and site replication strategies
• Architect Microsoft Entra ID tenant configurations supporting hybrid identity scenarios conditional access policies and zero-trust security models
• Develop and enforce identity governance frameworks including role-based access control (RBAC) privileged identity management (PIM) and lifecycle management processes
• Design secure authentication and authorization patterns for enterprise applications including SAML OAuth 2.0 OpenID Connect and Kerberos implementations
• Partner with cybersecurity infrastructure and application teams to establish identity security standards and access management best practices
• Evaluate and integrate emerging identity technologies to enhance user experience while maintaining security posture
• Lead cross-functional identity modernization initiatives including legacy application migration and cloud-first identity strategies
• Provide technical leadership and mentoring to identity engineering teams across global locations
• Establish monitoring and governance frameworks to ensure identity infrastructure performance compliance and security metrics

Experience Requirements:

• Overall 8 years of experience in identity and access management systems architecture or related enterprise infrastructure roles
• Minimum 5 years of hands-on experience architecting and managing Active Directory in enterprise environments (10000 users)
• Minimum 3 years of experience with Microsoft Entra ID (Azure AD) architecture and hybrid identity implementations

Expertise/Required Skills:

Deep expertise in the following:

• Active Directory Domain Services (AD DS) architecture including:
  • Multi-forest and multi-domain design patterns
  • Site topology optimization and replication management
  • Group Policy architecture and delegation models
  • Trust relationships and cross-forest authentication
• Microsoft Entra ID (Azure AD) advanced configurations including:
  • Hybrid identity with Azure AD Connect/Cloud Sync
  • Conditional Access policy design and implementation
  • Privileged Identity Management (PIM) and Identity Governance
  • Application integration patterns and enterprise application gallery
• Identity federation protocols and standards (SAML 2.0 OAuth 2.0 OpenID Connect WS-Federation)
• Certificate-based authentication and PKI integration with identity services

Enterprise identity management:

• Identity lifecycle management and automated provisioning/deprovisioning
• Role-based access control (RBAC) Attribute-based access control (ABAC) & Policy based-access control (PBAC) models
• Single Sign-On (SSO) architecture for SaaS on-premises and hybrid applications
• Multi-factor authentication (MFA) strategy and implementation across diverse application portfolios
• Directory synchronization patterns and identity data governance
• Operational Technology (OT) identity management experience:
  • Access management for industrial control systems (SCADA DCS PLCs)
  • Understanding of OT network segmentation and air-gapped environment challenges
  • Experience with OT-specific authentication protocols and legacy system integration
  • Hardening & segregation of legacy OT systems services & data avoiding downtime or disruptions

Technical architecture skills:

• PowerShell Microsoft Graph API and Azure CLI for identity automation
• Directory services protocols (LDAP LDAPS Kerberos NTLM)
• Network architecture understanding for identity services (DNS firewalls load balancers)
• Windows Server infrastructure and enterprise-scale system administration
• Cloud architecture patterns in Azure with understanding of other major cloud platforms

Leadership and communication:

• Proven ability to influence technical decision-making across global cross-functional teams
• Exceptional communication skills to translate complex identity concepts for business stakeholders
• Experience mentoring and developing technical teams in identity management practices
• Strong project management capabilities for large-scale identity transformation initiatives

Preferred/Nice-to-Have Skills:

• Experience with other identity platforms (Ping Identity SailPoint AWS IAM)
• Knowledge of compliance frameworks relevant to identity management (SOX GDPR HIPAA NIST)
• Certifications in Microsoft identity technologies (SC-300 MS-102) or equivalent vendor certifications
• Experience with identity analytics risk-based authentication and behavioural analysis tools
• Understanding of DevSecOps practices and infrastructure-as-code for identity deployments